Confidential Computing (CoCo) guests encrypt private memory by default.
DAX memory regions allow a guest to bypass its own (private) page cache
and instead use host memory, which is not private to the guest.
Commit 867400af90f1 ("mm/memremap.c: map FS_DAX device memory as
decrypted") only ensures that FS_DAX memory is appropriately marked as
decrypted. As such, also mark device-dax memory as decrypted.
Signed-off-by: Kevin Loughlin <kevinlough...@google.com>
---
drivers/dax/device.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/dax/device.c b/drivers/dax/device.c
index 2051e4f73c8a..a284442d7ecc 100644
--- a/drivers/dax/device.c
+++ b/drivers/dax/device.c
@@ -11,6 +11,7 @@
#include <linux/fs.h>
#include <linux/mm.h>
#include <linux/mman.h>
+#include <linux/cc_platform.h>
#include "dax-private.h"
#include "bus.h"
@@ -303,6 +304,8 @@ static int dax_mmap(struct file *filp, struct
vm_area_struct *vma)
vma->vm_ops = &dax_vm_ops;
vm_flags_set(vma, VM_HUGEPAGE);
+ if (cc_platform_has(CC_ATTR_MEM_ENCRYPT))
+ vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);
return 0;
}
--
2.46.0.76.ge559c4bf1a-goog
